GDPR Online Privacy Notice

We process personal information for certain legitimate business purposes, which include some or all of the following:

where the processing enables us to enhance, modify, personalise or otherwise improve our services / communications for the benefit of our customers

to identify and prevent fraud

to enhance the security of our network and information systems

to better understand how people interact with our websites

to provide postal communications which we think will be of interest to you (in the event of your using the contact form included within this website)

to determine the effectiveness of promotional campaigns and advertising.

Whenever we process data for these purposes we will ensure that we always keep your Personal Data rights in high regard and take account of these rights. You have the right to object to this processing if you wish, and if you wish to do so please click here.

Please bear in mind that if you object, this may affect our ability to carry out the tasks above for your benefit. If you wish to read more about our policy and procedures relating to the fair processing of data, click here.

GDPR Compliance Statement

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It will be enforceable from May 25 2018 and requires no enabling legislation, so it automatically becomes binding and applicable on that date.

The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects.

The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

Touchstar places a high importance on information security and within our Group we already comply with a number of standards that also focus on information data security.

Touchstar will be complying with the GDPR as a processor and controller of data and have been planning and developing a programme of works which will deliver what is required by the legislation. This will involve working with our suppliers and partner organisations to ensure they can meet these obligations.

As we work towards compliance, we have engaged an external advisor to ensure we deliver best practice in compliance, and our programme up to May 2018 falls into these areas:

Website Data Collection & Consent, Privacy Policy: we will provide an updated framework and privacy policy to incorporate the GDPR obligations. This will include legal framework gap analysis arising from the reviews we undertake as the plan progresses.

Data Impact Assessments & Data Inventory: we are already undertaking a systematic review of the data we store, manage, maintain, collect, process and control. This includes offline storage and paper records. Assessments of the data will review information flow, any data transfers, risk reviews, and structural position in relation to Lawfulness, Purpose, Minimisation, Accuracy, Consent, Limitation, Integrity & Confidentiality, Record Keeping and Accountability.

Training & Awareness: we will undertake training across the Group on the GDPR and its impact on the new policies, procedures, and responsibilities of staff & stakeholders in this new regime.

Controls & Gap Analysis: running alongside the work already underway, we will be reviewing the controls in place, or required.

Supplier & Partner relationships: where relevant and related, we will be using all reasonable endeavours to ensure that our third parties and suppliers are complying with the GDPR.

Technology: we will be reviewing our technology platforms to analyse their operation, security and compliance in order to ensure that they meet the standards we have laid down and to identify any gaps and risks.

Outbound Marketing: GDPR mandates that the processing of personal data can only be undertaken when at least one of six criteria has been met. The most obvious choice for businesses already working with data is 'legitimate interests'. The legitimate interests basis has three elements: identify a legitimate interest; show that processing is necessary to achieve it; and balance it against the individual’s interests, rights and freedoms. Touchstar operate exclusively within 'niche' vertical sectors / industrial B-2-B markets. As such we acquire / build data for the sole purpose of highlighting the availability of our data capture / mobile computing solutions and promoting industry best practice to individuals with a defined job function operating within these sectors. We do not undertake mass / 'spam' broadcast marketing that targets non-relevant individuals or organisations with irrelevant information. That said, Touchstar recognise that not all target contacts that are relevant to its operations will wish to receive information on the organisation's products and solutions. Touchstar provide an easy 'one button' unsubscribe process that enables email recipients to be automatically and permanently unsubscribed from its master mailing database. Should recipients prefer to contact Touchstar directly via other means, such as email or letter, with a request to be unsubscribed, then these requests are processed within 24 hours and the requesting party notified directly of the deletion of the data. Touchstar maintain a stance of 'legitimate interest' which has been ratified by external GDPR consultants.

Our Data Protection Officer, our Senior Management Team and advisors will continue to monitor the programme up to the target date in May 2018 and beyond.

The Legitimate Interests GDPR clause

When analysing our compliance with GDPR legislation, Touchstar has opted for the 'Legitimate Interests' clause of the legislation to justify its data processing activities. “Legitimate Interests” means the interests of our company in conducting and managing our business [to enable us to give you the best service/products and the best and most secure experience]. For example, we have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests.

It can also apply to processing that is in your interests as well. For example, we may process your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Processing Activity

The processing of your data is subject to the following activity. Data is acquired via list building, list purchase, the completion of web contact forms or the completion of exhibition enquiry cards. Touchstar marketing communication activity is focused on broadcast email campaigns. For email broadcast purposes your email address will be added to our third party cloud-based delivery system (SendInBlue). All other contact data (name, address, telephone number etc.) is not recorded or retained within this system and is removed from other computer storage facilities (e.g. laptops or desktops). The SendInBlue system is used exclusively to provide individuals with information relating to industry best practice, industry technological developments, company product developments and enhancements, and core sales messages. Your data is not subject to any form of additional processing and is not shared with any third party. The SendInBlue servers are located within France and the organisation is itself bound by GDPR regulations relating to data processing and security. Further information on SendInBlue's compliance can be found at www.sendinblue.com

You have the right to object to this processing if you wish, and if you wish to do so please contact us at gdpr@touchstar.co.uk